CVE-2018-20059: jaxb/JaxbEngine.java in Pippo 1.11.0 allows XXE.
infovulnerability
security
Summary
CVE-2018-20059 is a vulnerability in Pippo version 1.11.0 where the JaxbEngine.java file allows XXE attacks (XML external entity attacks, a type of injection where an attacker manipulates XML input to access unauthorized data or execute malicious code). The vulnerability relates to improper handling of XML external entity references in the application's code.
Vulnerability Details
CVSS Score
7.5
EPSS (30-day exploit probability)
EPSS: 0.4%
Classification
Attack SophisticationModerate
Taxonomy References
CWE (Weakness Type)
Original source: https://nvd.nist.gov/vuln/detail/CVE-2018-20059
First tracked: February 15, 2026 at 08:43 PM
Classified by LLM (prompt v3) · confidence: 95%